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AMENDMENTS AND MSHON ^ HF THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 

application: 

1 . (Currently Amended) A method for authorizing execution of request actions 
transmitted between clients and servers of a data processing system, the method comprising: 

receiving a first message including a set of actions;, and a second menage 

simulating execution of the set of actions; 

from the simulated execution, mid building a list of allowable actions and user- 
definable inputs to the allowable actions; 

receiving a second message including user-reque sted actions andjnputs; 

comparing the list of allowable actions and user-definable inputs to the user- 
requested actions and inputs; and 

where the list of allowable actions and oser-definable inputs includes the user- 
requested actions and inputs, authorizing execution of the user requested actions. 

2. (Currently Amended) The method as set forth in claim 1, wherein the step of 
simulating comprises identifying all possible actions and inputs to the possible actions resulting 
feH-a from an execution of the set of actions at a client. 

3. (Original) The method as set forth in claim 1, wherein the step of simulating 
comprises invoking and triggering each command, field, user-selectable input option and HTTP 
request within the set of actions. 



2 



PAGE 5/10 * RCVD AT 6/2112006 3:52:19 PM [Eastern Daylight Time] * SVR:USPT0-ff XRF-1/10 * DNIS:2738300 * CS1D:2128952900 * DURATION (mm-ss):02-58 



06/21/06 15:52 FAX 2128952900 _ BROWN RAYSMAN ET AL ©006 

Attorney Docket No.: 3269/8 

4. (Currently Amended) The method as set forth in claim 1 , wherein the user- 
requested actions and inputs i*ete include actions and inputs provided during a user session 
performed in response to receipt of the first message at a client 

5. (Original) The method as set forth in claim 1, comprising: 

during the step of simulating, detecting an input control requesting entry of a 
data value and assigning a unique place holder to represent the data value; and 

during the step of comparing, matching a pattern of the unique place holder to 

the input received from the user. 

6. (Original) The method as set forth in claim 1, wherein the step of simulating 

comprises: 

detecting an input control requesting selection of one of a plurality of predefined 
data values; and 

interatively selecting one of the plurality of predefined data values and 
continuing simulation of the set of actions and building of the list of allowable actions and user- 
definable inputs with the selected one data value until each of the plurality of predefined data 
values is selected and listed. 

7. (Currently Amended) The method as set forth in claim l s comprising: 
prior to the step of simulating, tracing execution of the set of actions at a client; 

and 

during the step of simulating, providing results of the tracing in response to the 

user selectable user-definable inputs. 

8. (Currently Amended) The method as set forth in claim 1, comprising: 
prior to the step of simulating: 
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identifying actions within the set of actions of the first message; 
supplementing the first message with actions for tracing input to the 

identified actions; and 

transmitting the supplemented first message to a client; and 
during the set of simulating, providing results of the tracing as «se*H^etabte 
user-definable inputs to the identified actions are requested. 

9. (Original) The method as set forth in claim 8, wherein the results of the 
tracing are included within the second message; 

10. (Original) The method as set forth in claim 8 7 wherein the results of the 
tracing are included within the second message. 

Claims 1 1-15 (Cancelled) 

16. (Currently Amended) A method for authorizing execution of requested 
actions transmitted from a client to a server of a client/server data processing system, the 
method performed by a gateway coupled between the client and the server, comprising: 

receiving, from the server, a document including a set of actions; 

simulating execution of the set of actions; 

from the simulated execu tion. a*wl building a list of allowable actions and 
user-definable inputs to the allowable actions; 

receiving, from the client, and a message including user-requested actions and 

inputs; 

comparing the list of allowable actions and user-definable inputs to the user- 
requested actions and inputs; and 
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where the list of allowable actions and user-definable inputs includes the user- 
requested actions and inputs, transmitting the user-requested actions and inputs to the server 
for execution. 

J 7. (Original) The method as set forth in claim 16, comprising storing, at the 
gateway, the list of allowable actions and user-definable inputs. 

IS. (New) A method for authorizing execution of request actions transmitted 
between clients and servers of a data processing system, the method comprising: 

receiving a first message including programmable logic integrated with a 

client application; 

sim ulating execution of the programmable logic; 

from the simulated execution, building a list of allowable actions associated 
with the programmable logic and user-definable inputs to the allowable actions; 

receiving a second message including user-requested actions and inputs; 

comparing the list of allowable actions associated with the programmable 
logic and user-definable inputs to the user-requested actions and inputs; and 

where the list of allowable actions associated with the programmable logic 
and user-definable inputs includes the user-requested actions and inputs, authorizing 
execution of the user requested actions. 
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